Over the last decade, there has been a substantial increase in the use and deployment of network enabled client devices. These client devices may connect to a network device such that the client devices may have access to other devices of a network system. These client devices may be authenticated before gaining greater access to the network system.
For granular control of network access, the network device requires groups of privileges setting definitions (e.g., roles) to be defined. These privilege setting definition are mapped to each authenticated client device and indicate levels and types of access available to each client device in the network system. Privilege setting definitions may include virtual local area network (VLAN) information, voice over Internet Protocol (VoIP) settings, firewall rules, and quality of service (QoS) settings.
The configuration of privilege setting definitions may be done by administrators of the network either directly in the network device or in a central management server. In either case, the process of keeping privilege setting definitions in all network devices up-to-date and synchronized is tedious, inefficient, and may be extremely large in scale. In particular, current systems require each network device in the network system to store each set of privilege settings definitions even when these privilege setting definitions are not in use by the network device (i.e., not assigned to a client device connected to a particular network device). Accordingly, even though certain privilege setting definitions may not be used by a network device, the network system is still required to update these definitions and the network device is still required to devote storage to these definitions.
The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.